Differences between version 6 and revision by previous author of pam_tally(8).
Other diffs: Previous Major Revision, Previous Revision, or view the Annotated Edit History
| Newer page: | version 6 | Last edited on Thursday, August 17, 2006 4:36:22 am | by TomGreen | Revert |
| Older page: | version 3 | Last edited on Thursday, August 12, 2004 3:29:20 pm | by ChrisSamuel | Revert |
@@ -1,6 +1,19 @@
The pam_tally.so PAM module is intended to denying further authentication attempts after a given count of failed authentications.
pam_tally is the maintenance program for pam_tally.so: it can list and reset the accumulated counts.
-See
http://cvs
.sourceforge
.net/viewcvs
.py
/*checkout*
/pam/Linux-PAM/modules/pam_tally/README?content-type=text%2Fplain&rev=HEAD for details. (I don't know whether this is the authoritative source though.)
+The pam_tally project homepage is here:
+
http://www
.baverstock
.org
.uk
/tim
/pam/
Note that this only uses a local file (defaults to /var/adm/faillog) and has no facility to use LDAP or similar systems to combine results from several machines (or a cluster).
+
+pam_tally provides a subset of the functionality of pam_abl (http://www.hexten.net/pam_abl/), but where pam_tally simply counts failing usernames, pam_abl allows for:
+
+- counting failing hosts as well as usernames (my logs show the same attacking hostnames trying lots of different usernames rather than the other way round)
+
+- configurable time-based failures (e.g. record a failure if the user or host fails 5 times in an hour or 10 in a day)
+
+- configurable time-based auto-purging of failure database
+
+On the other hand, pam_abl seems to have 2 issues at the moment:
+1. some users (including me) report failures not being recorded in database (fixed in current CVS from sourceforge)
+2. an issue with OpenSSH where failures don't seem to be recorded (more details here: http://sourceforge.net/tracker/?group_id=148927&atid=773100)
